December 4, 2014 By Douglas Bonderud 3 min read

Companies are worried about data loss, but many are behind the curve when it comes to safeguarding their assets, according to EMC’s Global Data Protection Index. While these results aren’t exactly surprising, digging deeper into the report uncovers a shocking statistic: The more data protection vendors a company has, the greater the risk. What gives?

Dealing With Loss

According to a Dark Reading article about the new report, companies have a lot to lose. Every year, unintended downtime costs more than $950 billion, while data loss accounts for over $750 billion. That’s a $1.7 trillion price tag just for doing business. Companies are well aware of the risks, with 62 percent saying at least one of their new technology initiatives — such as big data, hybrid cloud and mobile devices — is “difficult” or “very difficult” to protect. Despite this, EMC found that 87 percent of businesses are behind the curve for data protection, and 71 percent aren’t completely confident that their data could be restored after a loss.

So what’s causing all this downtime and loss? Hardware failure tops the list at 53 percent, followed by power loss (39 percent), software failure (38 percent), data corruption (29 percent) and user error (26 percent). In a recent InfoStor article, Guy Churchward, president of EMC Core Technologies, notes that while simple, scheduled backups are no longer enough; companies “lack confidence that data protection will be able to meet future business challenges.” Business response to this issue isn’t unexpected. Most organizations bank on multiple protection strategies to minimize the possibility of loss; after all, if one vendor is good, more must be better, right? As it turns out, however, the math isn’t so simple.

All By Myself

EMC found that without a protection vendor, companies lost 1.75 terabytes of information per year and $420,000 in downtime. Adding one vendor lowered both numbers to 1.16 terabytes and $340,000 lost. Adding a second vendor actually made things worse, bringing the number up to 1.73 terabytes and $400,000 lost over the course of a year.

Here’s where things get weird. The report found that using three or more vendors was worse than using none at all, with data loss more than doubling to 3.54 terabytes and downtime quadrupling to $1.6 million. And it gets worse, because using more vendors means spending a bigger chunk of the information technology (IT) budget. Those with one vendor spend just over 7 percent, while those with three or more vendors spend nearly 9 percent.

Data Protection

So what’s the problem? Why don’t more vendors provide greater protection? The EMC report doesn’t have the answers, but it’s possible to make educated guesses. First is the fact that multiple vendors means fractured spending. Sure, using three vendors eats up 9 percent of the IT budget, but that equates to 3 percent per vendor. In a single-provider scenario, all 7 percent is spent in one place.

Another important factor is the creation of coverage gaps. When companies use multiple vendors, it doesn’t make sense to have them all doing exactly the same thing. Instead, it’s tempting to treat these vendors like cloud services and purchase them on a need-by-need basis rather than as a complete package. The problem? Data protection isn’t a discrete issue: Hardware issues bleed into power problems, and accidental user error can cause data corruption. Assigning specific tasks to multiple vendors means something always gets missed — and it’s costly.

The takeaway when it comes to data protection vendors is that having none is bad, having two isn’t great and having three or more is even worse. According to EMC, one is the safest number.

More from

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government.The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of 2022…

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today